Community discussions

MUM Europe 2020
 
michaelcarey
newbie
Topic Author
Posts: 41
Joined: Thu May 11, 2006 8:03 am
Location: Port Lincoln, South Australia

Port forward, 443 to internal server, and HTTPS web browsing

Wed Mar 21, 2012 11:41 am

Hi Everybody,

I've done more searching and can't seem to find anything specific to my question... I apologize if it's been covered before... I couldn't find it.

I'm setting up another RB750 router for use with some amateur radio VOIP servers (again).

It's a basic NAT router config with a PPPOE connection to an ADSL modem. I have NAT working fine and I've added some filter rules to lock down access from the internet to the router.

Next I have been setting up port forwarding to various PC's on the internal network but have come up against a problem I can't remember from when I set up my first RB750.

Alongside other TCP and UDP ports, I am forwarding TCP 443 to an internal address... which works fine, I can access the internal server from outside (I have disabled the RB750 www-ssl service), but it appears that this dstnat entry seems to break access to HTTPS web pages from PC's on the internal network. When it's disabled, web browsing to HTTPS web pages works fine.

What I have done to "fix" this is to add a !192.168.0.0/24 in the src address field. eg.

1 ;;; VK5REX D-Star HTTPS
chain=dstnat action=dst-nat to-addresses=192.168.0.17 to-ports=443
protocol=tcp src-address=!192.168.0.0/24 dst-port=443


This makes everything work OK, 443 from the internet to 192.168.0.17 and web browsing OK... but is this the right way to approach the problem. Can someone here tell me more, is this entry forwarding HTTPS requests back to the machine that originated them? I'm wondering what I have done different.

Michael.
 
alifamzari
just joined
Posts: 1
Joined: Sat Jan 12, 2019 4:18 pm

Re: Port forward, 443 to internal server, and HTTPS web browsing

Sat Jan 12, 2019 4:22 pm

I have similar issue and need some expert advice. I require to forward port 443 to internal IP, but it breaks HTTPS browsing.

Who is online

Users browsing this forum: Egert143, MSN [Bot], Safi, sbr, vladimirzajic84, Znevna and 98 guests